Viewers with viewers_can_edit should be able to access /explore (#15787)

* fix: Viewers with viewers_can_edit should be able to access /explore #15773 * refactoring initial PR a bit to simplify function and reduce duplication

Viewers with viewers_can_edit should be able to access /explore (#15787)
* fix: Viewers with viewers_can_edit should be able to access /explore #15773 * refactoring initial PR a bit to simplify function and reduce duplication
a81d5486 · Johannes Schill · Torkel Ödegaard · be8f60b0 · a81d5486 · a81d5486
Commit a81d5486 authored Mar 05, 2019 by Johannes Schill Committed by Torkel Ödegaard Mar 05, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

pkg/api/api.go
+1 -1

pkg/middleware/auth.go
+7 -1

No files found.
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -73,7 +73,7 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Get("/dashboards/", reqSignedIn, hs.Index)
 	r.Get("/dashboards/*", reqSignedIn, hs.Index)

-	r.Get("/explore", reqEditorRole, hs.Index)
+	r.Get("/explore", reqSignedIn, middleware.EnsureEditorOrViewerCanEdit, hs.Index)

 	r.Get("/playlists/", reqSignedIn, hs.Index)
 	r.Get("/playlists/*", reqSignedIn, hs.Index)

--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -4,7 +4,7 @@ import (
 	"net/url"
 	"strings"

-	"gopkg.in/macaron.v1"
+	macaron "gopkg.in/macaron.v1"

 	m "github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
@@ -52,6 +52,12 @@ func notAuthorized(c *m.ReqContext) {
 	c.Redirect(setting.AppSubUrl + "/login")
 }

+func EnsureEditorOrViewerCanEdit(c *m.ReqContext) {
+	if !c.SignedInUser.HasRole(m.ROLE_EDITOR) && !setting.ViewersCanEdit {
+		accessForbidden(c)
+	}
+}
+
 func RoleAuth(roles ...m.RoleType) macaron.Handler {
 	return func(c *m.ReqContext) {
 		ok := false